How to secure DDP?

From what I know, I can connect Meteor A app to Meteor B app by using DDP.connect(url-for-B-app). Does that mean that any app can simply connect to B app by doing DDP.connect? How do I deny/allow connection? Is setting Content Security Policy enough?

You can secure DDP by:

Non-meteor

  • Configure your firewall to only allow inbound traffic from certain IP ranges and on certain ports

Meteor

  • You can get information about the connection inside of the method function etc.

this.connection will give you info you can use.

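The `this.connection` check described in the answer above, worked through as an added example (not code from the original thread): an IPv4 allowlist enforced both when a DDP session connects and again inside a protected method. The method name `partner.sync`, the allowlist values, and passing the `Meteor` object in as a parameter are assumptions made so the logic can be exercised without a running server.

```javascript
// Added example (not the original thread's code): an IPv4 allowlist applied to
// DDP sessions through the `connection` object Meteor exposes as this.connection
// in methods and passes to Meteor.onConnection. Meteor is injected for testing.

// Parse "a.b.c.d/n" (a bare address is treated as /32) into network + mask.
function parseCidr(cidr) {
  const [ip, bitsStr] = cidr.split('/');
  const bits = bitsStr === undefined ? 32 : Number(bitsStr);
  const octets = ip.split('.').map(Number);
  if (octets.length !== 4 || !octets.every((o) => Number.isInteger(o) && o >= 0 && o <= 255)
      || !Number.isInteger(bits) || bits < 0 || bits > 32) {
    throw new Error(`invalid CIDR: ${cidr}`);
  }
  const addr = octets.reduce((acc, o) => (acc << 8) | o, 0) >>> 0;
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0; // JS shifts are mod 32
  return { network: (addr & mask) >>> 0, mask };
}

function ipInCidr(ip, cidr) {
  const { network, mask } = parseCidr(cidr);
  return ((parseCidr(ip).network & mask) >>> 0) === network;
}

// Only clientAddress is consulted; unparsable or missing addresses fail closed.
function isAllowedConnection(connection, allowlist) {
  if (!connection || typeof connection.clientAddress !== 'string') return false;
  // Node sockets may report IPv4 in IPv4-mapped IPv6 form ("::ffff:10.0.0.5").
  const ip = connection.clientAddress.replace(/^::ffff:/, '');
  try {
    return allowlist.some((cidr) => ipInCidr(ip, cidr));
  } catch (err) {
    return false;
  }
}

// Drop disallowed sessions at connect time, and re-check inside each protected
// method via this.connection. The method name 'partner.sync' is hypothetical.
function enforceDdpAllowlist(Meteor, allowlist) {
  Meteor.onConnection((connection) => {
    if (!isAllowedConnection(connection, allowlist)) connection.close();
  });
  Meteor.methods({
    'partner.sync'(payload) {
      if (!isAllowedConnection(this.connection, allowlist)) {
        throw new Meteor.Error('forbidden', 'DDP connection not on allowlist');
      }
      return { accepted: true, from: this.connection.clientAddress };
    },
  });
}
```

Behind a reverse proxy, set HTTP_FORWARDED_COUNT so clientAddress reflects the real client rather than the proxy, and make sure the proxy overwrites any client-supplied X-Forwarded-For header. A server-side Meteor.call has no connection (this.connection is null), so this check fails closed for it.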